CVE-2026-23141
Severity
5.5MEDIUM
EPSS
0.0%
top 96.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 14
Description
In the Linux kernel, the following vulnerability has been resolved:
btrfs: send: check for inline extents in range_is_hole_in_parent()
Before accessing the disk_bytenr field of a file extent item we need
to check if we are dealing with an inline extent.
This is because for inline extents their data starts at the offset of
the disk_bytenr field. So accessing the disk_bytenr
means we are accessing inline data or in case the inline data is less
than 8 bytes we can actually cause an invalid
memory…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages3 packages
▶CVEListV5linux/linux82bfb2e7b645c8f228dc3b6d3b27b0b10125ca4f — d948055bd46a9c14d1d4217aed65c5c258c32903+5
Patches
🔴Vulnerability Details
3OSV▶
CVE-2026-23141: In the Linux kernel, the following vulnerability has been resolved: btrfs: send: check for inline extents in range_is_hole_in_parent() Before accessin↗2026-02-14
GHSA▶
GHSA-8xwj-jmfw-cfc3: In the Linux kernel, the following vulnerability has been resolved:
btrfs: send: check for inline extents in range_is_hole_in_parent()
Before access↗2026-02-14